IACD is a strategy for increasing the speed and scale of cyber defenses by leveraging automation to enhance the effectiveness of human defenders, moving them outside the response loop into a response planning and approval role “on the loop” of cyber defense. Learn more about IACD here.

The Integrated Adaptive Cyber Defense (IACD) concept was driven by existing and increasingly critical challenges in cyber defense:

  • Cybersecurity solutions and operations cannot scale to the complexity, interdependencies, and pervasiveness of threats.
  • Adversaries already employ reuse, modularization, orchestration, and automation.
  • Acquisition and procurement processes don’t accommodate the speed of technology evolution.
  • Workforce realities demand a different approach—skilled human capital is at a premium.

IACD provides a framework, including reference architectures, use cases, draft specifications, and implementation examples, that enables enterprise owners to leverage investments they have already made in cybersecurity through adoption of this extensible, adaptive approach to address the challenges listed above.

IACD integrates the activities of multiple products and services to automate the determination of risk, the decision to act, and the synchronization of response actions in accordance with the organization’s business rules. In addition, IACD shares threat information and responses across communities of trust. An organization’s business rules are codified by the procedures (referred to as “playbooks”) it follows when it encounters a cyber event. IACD translates these procedures into workflows that enable automation of the key capabilities of IACD: sensing, sense making, decision making, and action. Further details are available in the Integrated Adaptive Cyber Defense (IACD) Baseline Reference Architecture.

The IACD project was initiated in 2014 by the Department of Homeland Security (DHS) and the National Security Agency (NSA). They jointly sponsor strategic research and development by the Johns Hopkins University Applied Physics Laboratory (JHU/APL) in collaboration with government, academic, and commercial organizations.

IACD has three driving tenets that influence its concepts and capabilities: (1) bring your own enterprise, (2) employ a product-agnostic, plug-and-play architecture, and (3) insist on interoperability. IACD acknowledges that enterprises have different missions, business process rules, and resources and therefore may implement IACD differently. IACD must be flexible enough to support a range of enterprise environments, technologies, resources, and levels of sophistication. Finally, proprietary products must function together via nonproprietary methods.

IACD information is readily available throughout this website. See the “Our Work” webpage for:

  • IACD spiral development summaries
  • IACD reference architecture
  • IACD specifications
  • IACD reference implementations
  • IACD white papers addressing specific issues and challenges

In addition, a growing number of vendors, integrators, and service providers are entering this market and offering information on their products and services.

IACD stimulates both the demand for and the supply of IACD-related products and services. This stimulation has been achieved through research and experimentation spirals that result in practical demonstrations of IACD capabilities. In addition, the IACD team has engaged with potential adopters and vendors to make them aware of these capabilities and their market potential. To date, we have observed a growing interest in IACD adoption and a growing number of IACD-relevant products and services. This trend is expected to accelerate.

IACD Integrated Cyber events are held two or three times a year. They bring together an IACD community of interest (COI) composed of potential adopters, commercial firms, research organizations, academic institutions, cyber experts, and government agencies. Integrated Cyber events are an excellent opportunity to learn the latest information, make contacts, and contribute to a growing COI. Additional information about Integrated Cyber and broader ongoing IACD advancements is available here.

The IACD community of interest (COI) includes adopters, suppliers, cybersecurity experts, commercial firms, research organizations, academic institutions, and government entities. Currently, the IACD COI has no formal structure, but it involves organizations such as Information Sharing and Analysis Centers (ISACs), which operate on a more formal basis. It is an evolving community that continues to attract a variety of organizations interested in advancing the art of the possible in cyber defense. Come to an IACD Integrated Cyber event and meet the members of the community.

Contact the IACD team for more information and attend Integrated Cyber to network with other participants.

There are many ways to participate, as adopters, vendors, and influencers:

  • Participate in an IACD Integrated Cyber event
  • Share successes and lessons learned from your own experiences
  • Share your processes and procedures (playbooks) for responding to cyber events
  • Participate in or offer reference implementations to the IACD community in a limited or public forum
  • Assist in developing relevant specifications
  • Demonstrate IACD solutions
  • As a vendor or solution provider, participate in spiral efforts to demonstrate the art of the possible
  • Highlight how your organization measures or recognizes the value of security automation
  • Inform the IACD community of interest, customers, and industry about relevant objectives, challenges, user scenarios, successes, and gaps
  • Connect with our team!

The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the federal government and the private sector at machine speed. It uses the STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) format and transport standards to ensure compatibility with the rapidly expanding set of STIX-compatible cybersecurity applications and initiatives. Additional information is available here.

AIS is one of many sources of threat information that IACD can employ. An IACD-enabled enterprise can consume and act upon AIS indicators and defensive measures. In return, IACD can provide indicators and defensive measures to AIS.
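
The following is an added illustration, not IACD project code or part of the original page, of the sensing, sense-making, decision-making and action flow described above, applied to indicators of the kind AIS delivers. The bundle contents, the playbook thresholds, the action names and the use of STIX 2.1 JSON are all assumptions constructed for the example.

```python
import json
import re

def make_indicator(n, pattern, confidence):
    # Constructed sample indicator; the id is a placeholder, not a real AIS object.
    return {"type": "indicator", "pattern_type": "stix", "pattern": pattern,
            "id": f"indicator--00000000-0000-4000-8000-00000000000{n}",
            "confidence": confidence}

# Constructed STIX 2.1-style bundle using documentation-range addresses.
BUNDLE = json.dumps({"type": "bundle", "objects": [
    make_indicator(1, "[ipv4-addr:value = '198.51.100.7']", 90),
    make_indicator(2, "[domain-name:value = 'bad.example.test']", 70),
    make_indicator(3, "[ipv4-addr:value = '203.0.113.10']", 95),
    make_indicator(4, "[ipv4-addr:value = '198.51.100.9']", 20),
    make_indicator(5, "[ipv4-addr:value = '198.51.100.1' AND "
                      "domain-name:value = 'a.example.test']", 99),
]})

# Hypothetical playbook: the organization's business rules as data.
PLAYBOOK = {"auto_act_at": 85, "propose_at": 60, "protected": {"203.0.113.10"}}

SIMPLE = re.compile(r"\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]")

def sense(bundle_json):
    """Sensing: extract indicators; patterns we cannot parse keep value=None."""
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = SIMPLE.fullmatch(obj.get("pattern", "").strip())
        yield obj["id"], (m.group(2) if m else None), obj.get("confidence", 0)

def decide(value, confidence, playbook):
    """Sense making and decision making under the playbook's rules."""
    if value is None or value in playbook["protected"]:
        return "escalate_to_analyst"      # never automate what we cannot judge
    if confidence >= playbook["auto_act_at"]:
        return "block"                    # pre-approved automated action
    if confidence >= playbook["propose_at"]:
        return "block_pending_approval"   # human stays "on the loop"
    return "monitor"

def run_playbook(bundle_json, playbook=PLAYBOOK):
    """Action: return (indicator id, observable, chosen action) per indicator."""
    return [(i, v, decide(v, c, playbook)) for i, v, c in sense(bundle_json)]

if __name__ == "__main__":
    for row in run_playbook(BUNDLE):
        print(row)
```

The unparsed compound pattern and the protected address are routed to an analyst even at high confidence, which is the failure mode an automated response workflow most needs to handle explicitly.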